TWI434195B - Method and computer program product for managing virus and backup filtration processes - Google Patents
Method and computer program product for managing virus and backup filtration processes Download PDFInfo
- Publication number
- TWI434195B TWI434195B TW096112920A TW96112920A TWI434195B TW I434195 B TWI434195 B TW I434195B TW 096112920 A TW096112920 A TW 096112920A TW 96112920 A TW96112920 A TW 96112920A TW I434195 B TWI434195 B TW I434195B
- Authority
- TW
- Taiwan
- Prior art keywords
- virus
- file
- copy
- write
- filter
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/16—Protection against loss of memory contents
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1448—Management of the data involved in backup or backup restore
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Quality & Reliability (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
- Debugging And Monitoring (AREA)
- Retry When Errors Occur (AREA)
Description
本發明係有關於組合病毒檢查及複製過濾。The present invention relates to combinatorial virus inspection and replication filtration.
至少部分地因電子檔案的普及性之故,個人與組織皆需按例行方式保護電子檔案。一種保護電子檔案的方式是週期性地進行檔案備份,藉以產生可靠的資料恢復。無論是在個人層級或是在企業層級,用以進行此一作業之傳統備份系統含有一或更多的複製過濾器,此者可識別是否應於一備份伺服器處將資料寫入予以備份。例如,一使用者或會對資料進行一或更多的寫入,然後該複製過濾器可攔截各次寫入,並且接著決定該寫入是否屬於應予保護(亦即備份)的資料。若應對該檔案加以保護,則該複製過濾器接著可將該寫入傳至一多個該等寫入的日誌(log)檔案。At least in part due to the popularity of electronic files, individuals and organizations need to protect electronic files in a routine manner. One way to protect electronic files is to periodically back up files for reliable data recovery. Whether at the individual level or at the enterprise level, the traditional backup system used to perform this job contains one or more replication filters that identify whether data should be written back to backup at a backup server. For example, a user may write one or more data, and then the copy filter may intercept each write and then determine if the write belongs to a material that should be protected (ie, backed up). If the file is to be protected, the copy filter can then pass the write to a plurality of such written log files.
接著,可將該日誌檔案(或其一相對應拷貝)發送到一或更多的備份伺服器。例如,一位於一個人電腦處之使用者可運行一或更多的備份處理程序,該等程序將該日誌檔案及/或任何其他此等經識別資料複製到一或更多的本地或遠端儲存配置,即如該等與一特定備份伺服器所關聯者。類似地,位於一生產伺服器處之一或更多複製代理器或可在一生產伺服器上排程一日誌檔案的備份作業,並且接著將該新資料寫入傳至位於一備份伺服器處的一或更多儲存配置。而在稍後,該使用者(或生產伺服器管理者)或可接著能夠向該備份伺服器請求與該經複製之日誌檔案相關聯的資料。The log file (or a corresponding copy thereof) can then be sent to one or more backup servers. For example, a user located at a personal computer can run one or more backup processing programs that copy the log file and/or any other such identified material to one or more local or remote storage locations. Configuration, ie as associated with a particular backup server. Similarly, one or more replication agents at a production server or a backup job that can schedule a log archive on a production server, and then write the new data to a backup server One or more storage configurations. At a later time, the user (or production server manager) may then be able to request data from the backup server associated with the replicated log file.
然而,按此方式的資料備份僅為保護資料的其中一種方式。其他保護資料的方式包含例如病毒掃描處理。尤其是,眾知電腦病毒可摧毀資料並且破壞電腦系統,而這會導致原先未受感染之檔案的進一步損失。因此,為減緩此等威脅,使用者或管理者或會在一或更多的電腦系統處安裝一或更多的防毒程式。一種傳統防毒軟體運作的方法即為透過一或更多的防毒過濾器,此者可識別對一特定檔案的寫入,然後對該寫入進行掃描,藉以決定該寫入是否含有一已知病毒。該防毒軟體辨識一病毒的能力通常是依據一組防毒定義,而該防毒過濾器在當掃描檔案寫入時即對其進行檢查。從而,該防毒過濾器識別病毒將會是依照這些防毒定義究竟有多新近而定。詳細地說,若該防毒軟體近日未獲更新,則該(等)防毒過濾器或會將一特定檔案(或檔案寫入)識別為清潔,而即使該檔案實際上或確含有近期所產生的病毒亦然。However, data backup in this way is only one way to protect data. Other ways of protecting data include, for example, virus scanning processing. In particular, it is well known that computer viruses can destroy data and damage computer systems, which can lead to further loss of previously uninfected files. Therefore, to mitigate these threats, users or administrators may install one or more anti-virus programs on one or more computer systems. A conventional anti-virus software operates by passing one or more anti-virus filters, which can identify a write to a particular file and then scan the write to determine if the write contains a known virus. . The antivirus software's ability to recognize a virus is usually based on a set of antivirus definitions that are checked when the scan file is written. Thus, the antivirus filter will recognize the virus according to how recent these antivirus definitions are. In detail, if the anti-virus software has not been updated recently, the anti-virus filter may identify a specific file (or file write) as clean, even if the file actually contains or does contain recent The same is true for viruses.
因此,可瞭解到某實體(個人或組織等)可安裝數個不同程式來保護資料,這可能含有數個不同而彼此獨立運作的軟體過濾器。在一傳統範例裡,各個具有一過濾器之軟體程式將首先向一作業系統的過濾器管理器註冊該過濾器(即如防毒過濾器及/或複製過濾器)。該過濾器管理器又會在當,或若,適當時將各項檔案寫入傳至各過濾器。一般說來,欲組態設定各軟體過濾器究為如何地向該過濾器管理器註冊藉以確保任何所需排序實為困難重重。因此,可能是該過濾器管理器將檔案寫入發送至一複製過濾器,並且接著發送至一防毒過濾器。當然,在另一情況下,該過濾器管理器或會在發送至該複製過濾器之前,先將檔案寫入發送至該防毒過濾器。Therefore, it can be seen that an entity (individual or organization, etc.) can install several different programs to protect data, which may contain several different software filters that operate independently of each other. In a conventional example, each software program with a filter will first register the filter (ie, an antivirus filter and/or a copy filter) with a filter manager of an operating system. The filter manager will then write each file to each filter when it is, or if appropriate. In general, it is difficult to configure how each software filter is registered with the filter manager to ensure that any required ordering is performed. Therefore, it may be that the filter manager sends the file write to a copy filter and then to an antivirus filter. Of course, in another case, the filter manager may send the file write to the antivirus filter before sending it to the copy filter.
不幸地,即便是難以對特定的過濾器排序進行組態設定,過濾器排序仍會對於如何地保護及/或存留資料造成顯著的影響。例如,一對於實作備份系統之組織為特別地敏感的問題即在於,無法處理掉一些電子病毒可能意味著在備份處理過程中會潛在地擴散更多的病毒。這個問題可為特別地尖銳,其中例如一複製過濾器收到檔案寫入,並且在由一防毒過濾器對這些檔案寫入進行檢視之前就先將該等發送至一日誌檔案。此一過濾器排序可意味著,在一些情況下,一受感染檔案或不會受到處置或經識別出確遭感染,而須直到如該檔案經傳送至一備份伺服器之時般遲緩。Unfortunately, even if it is difficult to configure settings for a particular filter order, filter ordering can have a significant impact on how to protect and/or retain data. For example, a problem that is particularly sensitive to the organization of a backup system is that the inability to process some electronic viruses may mean potentially spreading more viruses during the backup process. This problem can be particularly acute, where, for example, a copy filter receives a file write and sends it to a log file before it is viewed by an antivirus filter. This sorting of filters may mean that, in some cases, an infected file may not be disposed of or identified as being infected, but may be as sluggish as if the file were transmitted to a backup server.
而相對地,即使是有可能確定該防毒過濾器是在一複製過濾器之前先收到檔案寫入,如此仍不必然地會解決掉所有的潛在問題。例如,若是該防毒過濾器所使用之防毒定義為過時,像是若尚未對影響一檔案的病毒產生出一定義,則可能不會偵測出一電腦系統上的受感染檔案。從而,即使是先由一防毒過濾器加以檢視,該檔案可能既已由一複製過濾器複製一或多次。因此,這可意味著,於該備份伺服器處,或會存在該檔案之受感染版本的多個備份拷貝。當為該防毒過濾器而更新該防毒定義以納入此特定病毒時,該防毒過濾器可最終地識別出該新檔案寫入遭到感染。In contrast, even if it is possible to determine that the antivirus filter receives the file write before the copy filter, it does not necessarily solve all potential problems. For example, if the antivirus definition used by the antivirus filter is outdated, such as if a virus that affects a file has not been defined, an infected file on a computer system may not be detected. Thus, even if it is first viewed by an antivirus filter, the file may have been copied one or more times by a copy filter. Thus, this can mean that at the backup server, there may be multiple backup copies of the infected version of the file. When the antivirus definition is updated for the antivirus filter to include this particular virus, the antivirus filter can ultimately recognize that the new archive write is infected.
不過,在多數情況下,該防毒過濾器可能僅為將該受感染檔案寫入,及/或在該生產伺服器處的相對應完整基本檔案,予以擦去或刪除。不幸地,該複製過濾器通常是對於該防毒過濾器的病毒識別作業及/或清除動作毫無所悉,並因此將僅複製經清除的檔案寫入。然後,將經複製檔案及/或對於該經清除檔案之檔案寫入傳至一日誌檔案及/或另複製回到該備份伺服器,即如正常進行般。從而,該備份伺服器將不知該檔案曾遭感染,並且僅,連同於先前遭受感染的檔案資料,將檔案備份更新(亦即包含新的檔案寫入)加以儲存。如此,即使是在一生產伺服器處將該防毒過濾器設置在該複製過濾器之前,仍然無法保證能夠會清除在該備份伺服器處的受感染資料。However, in most cases, the antivirus filter may simply erase or delete the infected file and/or the corresponding full base file at the production server. Unfortunately, the replication filter is generally unaware of the virus identification job and/or cleanup actions of the antivirus filter, and thus will only copy the erased archive writes. Then, the copied file and/or the file for the cleared file is written to a log file and/or copied back to the backup server, as normal. Thus, the backup server will not know that the file has been infected, and only store the file backup update (ie, including the new file write) along with the previously infected file. Thus, even if the antivirus filter is placed in front of the copy filter at a production server, there is no guarantee that the infected material at the backup server can be erased.
從而,存在有許多與解決一備份伺服器內之病毒資訊相關聯的難題。Thus, there are many challenges associated with resolving virus information within a backup server.
本發明之實作提供能夠在一備份環境裡,於整個資料上有效地傳播防毒資訊的系統、方法與電腦程式產品。例如,在至少一實作裡,一共同過濾器含有防毒及複製過濾器元件。該共同過濾器可接收檔案寫入,並將該等檔案寫入傳至該防毒元件。該防毒元件掃描各項檔案寫入,並且將各個經掃描檔案寫入,連同任何適於該檔案寫入之防毒資訊,傳送至該共同過濾器的複製過濾器元件。如此,該複製過濾器即可按一維護有任何先前既經偵測出之病毒資訊的方式,將一些檔案寫入複製至一日誌檔案。The present invention provides a system, method and computer program product capable of effectively transmitting anti-virus information on a whole data in a backup environment. For example, in at least one implementation, a common filter contains anti-virus and replication filter elements. The common filter can receive file writes and write the files to the antivirus component. The anti-virus component scans each file for writing and writes each scanned file to the duplicate filter element of the common filter, along with any anti-virus information suitable for the file to be written. In this way, the copy filter can copy and write some files to a log file in a manner that maintains any previously detected virus information.
據此,生產伺服器及備份伺服器兩者即可識別出所收到的備份資料,或先前所收到的備份檔案,是否應受到防毒處理的關注。According to this, both the production server and the backup server can recognize whether the received backup data or the previously received backup file should be concerned about antivirus processing.
例如,自一經由一共同過濾器以管理病毒與備份過濾作業處理之生產伺服器的觀點而言,一種範例方法可牽涉到透過該共同過濾器對一或更多的檔案寫入進行識別。此外,該方法可牽涉到,根據一或更多的病毒定義,在該共同過濾器處對經識別之一或更多檔案寫入進行掃描。該方法亦可牽涉到對在該共同過濾器處經識別之一或更多經掃描檔案寫入與一或更多的複製政策加以比較。並且,該方法可涉及到將該等一或更多經掃描檔案寫入之至少一者的拷貝發送至一日誌檔案,使得至少一檔案寫入被複製至一備份伺服器。For example, an example method may involve identifying one or more archive writes through the common filter from the point of view of a production server that manages viruses and backup filtering operations via a common filter. Moreover, the method can involve scanning one or more identified file writes at the common filter based on one or more virus definitions. The method may also involve comparing one or more scanned file writes identified at the common filter with one or more copy policies. Moreover, the method can involve transmitting a copy of at least one of the one or more scanned file writes to a log file such that at least one file write is copied to a backup server.
相對地,一自一按照一或更多病毒指示器來管理經複製資料之備份伺服器觀點的範例方法可牽涉到從一或更多的生產伺服器接收一或更多的資料備份。此外,該方法可牽涉到在所收之一或更多資料備份裡識別出一或更多的病毒指示器。在此一情況下,該等一或更多病毒指示器可識別出該等一或更多資料備份之至少一者係相關於受感染資料。該方法亦可牽涉到識別出對於該備份伺服器的一或更多政策。一般說來,該等一或更多政策可識別出對應於該等一或更多病毒指示器的一或更多回應動作。此外,該方法可涉及到根據該等一或更多政策執行該等一或更多回應動作之任一者。In contrast, an exemplary method of managing a backup server view of replicated data from one or more virus indicators may involve receiving one or more data backups from one or more production servers. In addition, the method may involve identifying one or more virus indicators in one or more of the data backups received. In this case, the one or more virus indicators can identify that at least one of the one or more data backups is related to the infected material. The method may also involve identifying one or more policies for the backup server. In general, the one or more policies may identify one or more response actions corresponding to the one or more virus indicators. Moreover, the method can involve performing any of the one or more response actions in accordance with the one or more policies.
本「概述」係經提供以介紹一種按一較簡化形式,而在後文「詳細說明」所進一步描述的選擇概念。本「概述」並非為以識別所主張之主題項目的各項關鍵特點或基本特性,亦非為以用於決定所主張主題項目之範圍的輔助。This "Overview" is provided to introduce a selection concept that is further described in a more simplified form and described in the "Detailed Description" below. This “Overview” is not intended to identify key features or essential characteristics of the claimed subject matter, nor is it used to assist in determining the scope of the claimed subject matter.
本發明之其他特性與優點將按部份地在如後說明中,且部分地自該說明而屬顯見,或者可由實作本發明所習知的方式來加以陳述。可藉由在後載申請專利範圍中所特別指出之各項設備及組合,來瞭解並獲致本發明的各項特性與優點。本發明之該等及其他特性將可自後載說明及各隨附圖式而更加顯見,或者可藉如後文所列陳的本發明實作所習知。Other features and advantages of the present invention will be set forth in part in the description which follows. The features and advantages of the present invention will be understood and attained by the <RTIgt; These and other features of the present invention will become more apparent from the following description and the accompanying drawings.
本發明之實作可擴展至在一備份環境裡,於整個資料上有效地傳播防毒資訊的系統、方法與電腦程式產品。例如,在至少一實作裡,一共同過濾器含有防毒及複製過濾器元件。該共同過濾器可接收檔案寫入,並將該等檔案寫入傳至該防毒元件。該防毒元件掃描各項檔案寫入,並且將各個經掃描檔案寫入,連同任何適於該檔案寫入之防毒資訊,傳送至該共同過濾器的複製過濾器元件。如此,該複製過濾器即可按一維護有任何先前既經偵測出之病毒資訊的方式,將一些檔案寫入複製至一日誌檔案。The implementation of the present invention can be extended to systems, methods, and computer program products that effectively spread anti-virus information throughout the data in a backup environment. For example, in at least one implementation, a common filter contains anti-virus and replication filter elements. The common filter can receive file writes and write the files to the antivirus component. The anti-virus component scans each file for writing and writes each scanned file to the duplicate filter element of the common filter, along with any anti-virus information suitable for the file to be written. In this way, the copy filter can copy and write some files to a log file in a manner that maintains any previously detected virus information.
據此,生產伺服器及備份伺服器兩者即可識別出所收到的備份資料,或先前所收到的備份檔案,是否應受到防毒處理的關注。According to this, both the production server and the backup server can recognize whether the received backup data or the previously received backup file should be concerned about antivirus processing.
即如在此所將更完整瞭解者,可利用任意數量之元件、模組及法則以達成本發明的該等與其他特性。例如,後文中主要是自一生產伺服器,以及一傳通在該生產伺服器處所產生及/或所修改之資料的備份伺服器,之觀點來描述本發明實作。然而,並非在所有實作中皆必然地需為此一設定方式。尤其是,在某些情況下,該生產伺服器可代表一由另一電腦系統直接地進行備份的個人電腦系統,而無論此等電腦系統是否會被視為「伺服器」等皆然。That is, as will be more fully understood herein, any number of elements, modules, and rules may be utilized to achieve these and other characteristics of the invention. For example, the practice of the present invention is described above primarily from the perspective of a production server and a backup server that communicates the data generated and/or modified at the production server. However, it is not necessary to set this way in all implementations. In particular, in some cases, the production server may represent a personal computer system that is directly backed up by another computer system, regardless of whether such a computer system is considered a "server" or the like.
此外,主要是按照由一「共同」過濾器所採行之動作來描述本發明實作,此過濾器提供一單一、共同介面,而能夠經此接取到防毒及複製過濾器類型元件的功能性。因而,此共同過濾器亦可被描述為「經合併」過濾器,此者係一提供一防毒過濾器及一複製過濾器之經合併功能的過濾器。在任何情況下,且即如在此所將瞭解者,由於可藉由防毒及複製過濾兩者的元件建構一單一過濾器,因此產生該單一過濾器之開發者能夠設計各個元件的排序方式。亦即,該開發者可組態設定該過濾器,因而首先是例如由防毒元件來處置輸入/輸出(「I/O」)系統呼叫,並且接著再由該複製元件加以處置。從而,將僅有一單一過濾器,像是該共同過濾器,會需要向一過濾器管理器註冊,以處置防毒及複製過濾活動。In addition, the practice of the present invention is described primarily in terms of actions taken by a "common" filter that provides a single, common interface through which the functions of the antivirus and copy filter type components can be accessed. Sex. Thus, the common filter can also be described as a "combined" filter, which is a filter that provides a combined function of an antivirus filter and a duplicate filter. In any event, and as will be appreciated herein, since a single filter can be constructed by elements of both anti-virus and replication filtering, the developer producing the single filter can design the ordering of the various components. That is, the developer can configure the filter so that the input/output ("I/O") system call is first handled, for example, by an anti-virus component, and then processed by the replica component. Thus, there will be only a single filter, like the common filter, which will need to be registered with a filter manager to handle antivirus and copy filtering activities.
然而,將可瞭解到一經合併/共同過濾器僅為完成本發明之一或更多實作的一種方式。在替代性實作裡,例如,一開發者可產生個別的防毒及複製過濾器,而具備適當方式以按一特定順序進行識別並且彼此傳通。尤其是,可在一生產伺服器處個別地安裝該等防毒及複製過濾器,然按一特定順序,藉以確保一對於一過濾器管理器的特定順序。然後,該等防毒及複製過濾器可經設置以一或更多的方式,例如透過一帶外通訊頻道,以進行識別並且彼此傳通。據此,在閱讀下列規格文件及申請專利範圍之後,將能瞭解存在有多種方式以實作本文所述原理。However, it will be appreciated that once the combined/common filter is only one way of accomplishing one or more of the present invention. In alternative implementations, for example, a developer may generate individual anti-virus and replication filters with appropriate means to identify and communicate with one another in a particular order. In particular, the antivirus and duplication filters can be individually installed at a production server, but in a particular order to ensure a particular sequence for a filter manager. The anti-virus and replication filters can then be set up in one or more ways, such as through an out-of-band communication channel, for identification and communication with one another. Accordingly, after reading the following specification documents and the scope of the patent application, it will be appreciated that there are many ways to implement the principles described herein.
在任何情況下,第1A圖說明一備份系統100之概略圖,其中一生產伺服器105收到一或更多的檔案寫入,藉由一共同過濾器之防毒及複製元件對該等檔案寫入進行掃描,並且將該等檔案寫入之一或更多者傳通至備份伺服器110。一般說來,可在一使用者(或其他實體)建立資料、修訂或更改現有資料等等的任何時刻處產生出一檔案寫入(即如103、107)。然後,該生產伺服器105可利用任意數量的機制以攔截或「過濾」該等檔案寫入各者。在至少一本發明實作裡,例如該生產伺服器105是透過一過濾器管理器115以攔截並接收各項檔案寫入103、107。In any event, Figure 1A illustrates an overview of a backup system 100 in which a production server 105 receives one or more file writes, which are written to the file by a common filter antivirus and copy component. The scan is performed and one or more of the files are written to the backup server 110. In general, a file write (i.e., 103, 107) can be generated at any point in time when a user (or other entity) creates a material, modifies or changes an existing data, and the like. The production server 105 can then utilize any number of mechanisms to intercept or "filter" the files to write to each. In at least one embodiment of the invention, for example, the production server 105 is passed through a filter manager 115 to intercept and receive various file writes 103, 107.
通常,該過濾器管理器115可經組態設定以在該生產伺服器105處攔截各項I/O系統呼叫,並且將此等呼叫各者傳至一或更多的經註冊過濾器(即如第1B圖的過濾器125、127)。此等呼叫包含任意數量的系統請求,像是「開啟檔案」、「關閉檔案」,以及各種對於檔案的寫入、刪除、取代等等。尤其是,對一檔案的各項變動可產生一I/O系統呼叫,並且在一些情況下可有數十或數百項不同的I/O呼叫,而該過濾器管理器115對此係經組態設定以進行攔截。不過,該過濾器管理器115會將所攔截到的各種呼叫最終地配送至其內所註冊的任意數量過濾器。特別是有些過濾器,像是一防毒過濾器,可經組態設定以接收由該過濾器管理器115所攔截到的所有呼叫,而其他的過濾器則可僅經組態設定以接收該I/O系統裡的某種類型呼叫。In general, the filter manager 115 can be configured to intercept various I/O system calls at the production server 105 and pass the callers to one or more registered filters (ie, Filters 125, 127) as in Figure 1B. These calls contain any number of system requests, such as "open file", "close file", and various writes, deletes, and replacements for files. In particular, changes to a file can result in an I/O system call, and in some cases there can be tens or hundreds of different I/O calls, and the filter manager 115 is Configure settings for interception. However, the filter manager 115 will eventually deliver the various intercepted calls to any number of filters registered therein. In particular, some filters, such as an antivirus filter, can be configured to receive all calls intercepted by the filter manager 115, while other filters can only be configured to receive the I. Some type of call in the /O system.
在至少一本發明實作裡,該過濾器管理器115可經組態設定以將所有的系統呼叫(即如檔案寫入)傳通至該經合併防毒(「AV」)及複製過濾器125(或「經合併」或「共同」過濾器125)。例如,該過濾器管理器115接收檔案寫入103、107並且將該等檔案寫入各者傳至該共同過濾器125。即如在此所將完整瞭解者,接著該共同過濾器125可對於病毒而掃描各個所收檔案寫入,並且若為適當,將一該等檔案寫入之一或更多任一者的拷貝傳至日誌檔案130。一般說來,一「日誌檔案」,像是該日誌檔案130,通常含有一或更多的電子檔案,該等係經組態設定以對於一特定的生產伺服器105目錄,保存一經標定資料之所有變動(建立、刪除、修改等等)的拷貝。例如,該日誌檔案130可代表對於一特定時間該目錄120的所有變動。In at least one embodiment of the invention, the filter manager 115 can be configured to communicate all system calls (i.e., file writes) to the merged antivirus ("AV") and copy filter 125. (or "merged" or "common" filter 125). For example, the filter manager 115 receives the archive writes 103, 107 and passes the archives to each of the common filters 125. That is, as will be fully understood herein, the common filter 125 can then scan each of the received archives for the virus and, if appropriate, write a copy of the archive to one or more of them. Pass to log file 130. In general, a "log file", such as the log file 130, typically contains one or more electronic files that are configured to store a calibration data for a particular production server 105 directory. A copy of all changes (create, delete, modify, etc.). For example, the log archive 130 can represent all changes to the catalog 120 for a particular time.
然後該備份伺服器110備份該日誌檔案130(以及用於在該生產伺服器105處之其他目錄的任何額外日誌檔案)。一般說來,可在任意數量之環境下,像是視需要或逐一特定備份排程,執行備份處理程序。在任何情況下,備份處理程序牽涉到該生產伺服器105可將該日誌檔案130之資料發送至該備份伺服器110處的一或更多管理代理器(即如135)。通常,該等一或更多管理代理器(即如135)會接著將所收到的資料變動施用於一或更多的儲存目錄(即如145),而此者可含有對特定資料的其他先前變動拷貝。The backup server 110 then backs up the log archive 130 (and any additional log files for other directories at the production server 105). In general, backup handlers can be executed in any number of environments, such as on-demand or one-by-one specific backup schedules. In any event, the backup handler is involved in the production server 105 to send the log file 130 data to one or more management agents (e.g., 135) at the backup server 110. Typically, the one or more management agents (i.e., 135) will then apply the changes to the received data to one or more storage directories (i.e., 145), and the person may have other Previous changes to the copy.
然而,根據本發明之實作,該等一或更多管理代理器(即如135)亦可比較所收到的備份檔案與一或更多的政策設定140,藉以執行一特定回應動作143。即如在此所將完整瞭解者,例如若該管理代理器135識別出在該日誌檔案130內之任何資料既已為病毒而經旗標註記(亦即含有一或更多的病毒指示器),則該等政策設定140可指示該備份伺服器110執行任何數量的相對應回應動作143。例如,該等政策設定140可指示該備份伺服器110刪除經標註有病毒的所收資料、「擦去」(亦即淨化或移除病毒)或刪除該所收備份資料,以及在該資料的拷貝之前先行擦去或刪除。However, in accordance with an implementation of the present invention, the one or more management agents (i.e., 135) may also compare the received backup file with one or more policy settings 140 to perform a particular response action 143. That is, as will be fully understood herein, for example, if the management agent 135 recognizes that any data in the log file 130 is flagged as a virus (ie, contains one or more virus indicators). The policy settings 140 may instruct the backup server 110 to perform any number of corresponding response actions 143. For example, the policy settings 140 may instruct the backup server 110 to delete the received data that is marked with a virus, "erase" (ie, purify or remove the virus), or delete the received backup data, and Wipe or delete before copying.
從而,至少一本發明實作不僅會牽涉到病毒掃描,而亦涉及到確保能夠將任何有關於病毒偵測的資訊有效地傳播至該系統100內的相關實體。例如,在至少一實作裡,這可藉由對檔案寫入籤註以一或更多的病毒指示器,然後確保該等一或更多病毒指示器維持經接附所達成。例如,第1B圖說明一根據本發明之實作的更詳細略圖,其中該生產伺服器105透過一共同過濾器125識別出一或更多病毒,並且利用該共同過濾器125以將一或更多的病毒指示器接附至遭感染檔案。Thus, at least one embodiment of the invention not only involves virus scanning, but also ensures that any relevant information about virus detection can be effectively propagated to related entities within the system 100. For example, in at least one implementation, this can be accomplished by writing an endorsement to the archive with one or more virus indicators and then ensuring that the one or more virus indicators remain attached. For example, Figure 1B illustrates a more detailed sketch of an implementation in accordance with the present invention in which the production server 105 identifies one or more viruses through a common filter 125 and utilizes the common filter 125 to A number of virus indicators are attached to the infected file.
特別是,第1B圖顯示該過濾器管理器115可接收檔案寫入103及107,像是先前如第1A圖所描述者。此外,第1B圖顯示至少該檔案寫入103受到一病毒(即如113)所感染。然後,該過濾器管理器115將檔案寫入103及107傳至任意數量的經適當註冊之過濾器,像是過濾器125、127等。例如,第1B圖顯示該過濾器管理器115將檔案寫入103(及經附接的病毒113)及檔案寫入107傳至共同AV/複製過濾器125。即如前述,該共同過濾器125又可含有任意數量的適當元件,其中至少包含防毒元件123及複製元件127。一般說來,該過濾器125可經組態設定以使得所有自該過濾器管理器115所收到的寫入在傳至該複製元件127之前都會受先傳至該防毒元件123。然並非必然地需要按此方式的元件排序,只要能夠在傳送至一日誌檔案(即如130)之前,先對檔案寫入籤註以一或更多的病毒指示器即可。In particular, Figure 1B shows that the filter manager 115 can receive archive writes 103 and 107, as previously described in Figure 1A. Furthermore, Figure 1B shows that at least the file write 103 is infected by a virus (i.e., 113). The filter manager 115 then passes the file writes 103 and 107 to any number of appropriately registered filters, such as filters 125, 127, and the like. For example, FIG. 1B shows that the filter manager 115 passes the file write 103 (and attached virus 113) and the archive write 107 to the common AV/copy filter 125. That is, as previously described, the common filter 125 can in turn contain any number of suitable components including at least the anti-virus element 123 and the replication element 127. In general, the filter 125 can be configured such that all writes received from the filter manager 115 are pre-transmitted to the anti-virus element 123 prior to being passed to the replica element 127. However, component ordering in this manner is not necessarily required, as long as the signature can be written to the file with one or more virus indicators before being transferred to a log file (ie, 130).
在任何情況下,第1B圖顯示該共同過濾器125可接收檔案寫入103及107,並且對其執行任何數量的掃描及籤註動作。例如,該過濾器125之防毒元件123可對檔案寫入103進行掃描,並且比較其內所含之資料與任意數量的防毒定義150。在此情況下,該過濾器125識別出在檔案寫入103上出現有病毒113。相對地,防毒元件123亦接收檔案寫入107,然於其內並未辨識出任何病毒。從而,第1B圖顯示該防毒元件123僅將檔案寫入107傳通至該複製元件127,然對於檔案寫入103則執行多項額外動作。In any event, Figure 1B shows that the common filter 125 can receive the archive writes 103 and 107 and perform any number of scan and endorsement actions thereon. For example, the antivirus element 123 of the filter 125 can scan the archive write 103 and compare the data contained therein with any number of antivirus definitions 150. In this case, the filter 125 recognizes that a virus 113 is present on the archive write 103. In contrast, the anti-virus component 123 also receives the file write 107, but no virus is recognized therein. Thus, FIG. 1B shows that the anti-virus element 123 only passes the file write 107 to the copy element 127, whereas for the file write 103, a number of additional actions are performed.
例如,當偵測到病毒113,該防毒元件123可移除該病毒。然而,在其他情況下,防毒元件123可僅偵測病毒而不予以移除,或是偵測出似為病毒者,並提供一指示以說明可能出現有一病毒。從而,第1B圖顯示該防毒元件123對檔案寫入103標註以一或更多的病毒指示器117,這包含有關於該防毒元件123之動作及/或決定的表示。例如,該等一或更多病毒指示器117可含有一病毒113仍在該檔案寫入103之內,或是僅為似出現有病毒113而未加確認,的資訊。類似地,該等一或更多病毒指示器117可表示該防毒元件123既已在該檔案寫入103中偵測到病毒113並予以移除,然確經出現有病毒113。如此,將可瞭解該等一或更多的病毒指示器117可含有任意數量的表示,藉此讓後隨元件與模組能夠訂定出有關於該檔案寫入103,以及關於其底層檔案(即如113),的額外決策。For example, when virus 113 is detected, the antivirus element 123 can remove the virus. However, in other cases, the anti-virus element 123 may only detect the virus without removing it, or detect a virus-like person and provide an indication that a virus may be present. Thus, FIG. 1B shows that the antivirus element 123 marks the archive write 103 with one or more virus indicators 117, which includes representations of actions and/or decisions regarding the antivirus element 123. For example, the one or more virus indicators 117 may contain a virus 113 that is still within the file write 103, or only information that appears to be virus 113 without confirmation. Similarly, the one or more virus indicators 117 may indicate that the antivirus element 123 has detected and removed the virus 113 in the file write 103, but the virus 113 is present. As such, it will be appreciated that the one or more virus indicators 117 can contain any number of representations, thereby enabling the following elements and modules to be programmed with respect to the file write 103, as well as for its underlying file ( That is, as in 113), the extra decision.
無論經如何標記或籤註,該防毒元件123可接著將檔案寫入103,連同一或更多的病毒指示器117,傳送至複製元件127。例如,第1B圖顯示該複製元件接收檔案寫入103及107兩者。最終地,該複製元件127將比較該等檔案寫入103、107各者及複製政策155,藉此決定是否將與該等檔案寫入相關之檔案加以排程俾進行複製。例如,第1B圖顯示該檔案寫入107並未被排程以進行複製,並且據此,該複製元件127僅將該檔案寫入107傳至目錄120,並且將此檔案寫入增入至相對應的檔案137。相對地,第1B圖顯示該複製元件127決定該檔案寫入103係相關於該檔案133,並且基於複製政策155,加以排程俾進行複製。Regardless of how the tag or endorsement is marked, the anti-virus element 123 can then write the file 103 to the same or more virus indicators 117 for transmission to the copy element 127. For example, Figure 1B shows that the copy element receives both file writes 103 and 107. Finally, the copy component 127 will compare the file writes 103, 107 to each and the copy policy 155 to determine whether to archive the files associated with the file writes for replication. For example, Figure 1B shows that the file write 107 is not scheduled for copying, and accordingly, the copy component 127 only passes the file write 107 to the directory 120 and adds the file write to the phase. Corresponding file 137. In contrast, FIG. 1B shows that the copy component 127 determines that the file write 103 is associated with the file 133 and is scheduled for copying based on the copy policy 155.
當然,該複製代理器127可依據出現有任何病毒指示器(即如117)而更改其自訂機制。例如,複製政策155可在當出現有一或更多的病毒指示器(即如117)時,表示將一另經排程以複製之檔案排除在複製作業之外。亦即,該複製元件127可對寫入檔案103進行檢疫隔離,將檔案寫入103傳至目錄120而不將一拷貝放置在該日誌檔案130內,並且亦可(或另為)將一或更多的病毒指示器發送至該日誌檔案130,而無相對應的檔案寫入資料。如此,可對該複製元件127組態設定以多項動作。Of course, the replication agent 127 can change its custom mechanism based on the presence of any virus indicator (i.e., 117). For example, the copy policy 155 may indicate that a file that has been scheduled to be copied is excluded from the copy job when one or more virus indicators (i.e., 117) appear. That is, the copying component 127 can quarantine the write file 103, transfer the file write 103 to the directory 120 without placing a copy in the log file 130, and can also (or otherwise) More virus indicators are sent to the log file 130, and no corresponding file is written to the data. As such, the copying component 127 can be configured to perform multiple actions.
在任何情況下,第1B圖顯示複製元件127識別出應對該檔案寫入103進行複製,並因此產生該檔案寫入之一拷貝103a。即如圖示,檔案寫輸入拷貝103a亦包含該等一或更多病毒指示器的拷貝(亦即117a)。據此,第1B圖顯示該複製元件127將檔案寫入103傳至目錄120,在此被納入於其底層基本檔案133。相對地,該複製元件127將檔案寫入拷貝103a,以及相對應的(多個)病毒指示器拷貝117a,傳至日誌檔案130。因此,即可將檔案寫入103,以及經附接之一或更多的病毒指示器117,納入在該備份處理程序之內(亦即透過拷貝103a、107a)。In any event, Figure 1B shows that the copy element 127 recognizes that the file write 103 should be copied, and thus the file write one copy 103a is generated. That is, as shown, the archive write input copy 103a also contains a copy of the one or more virus indicators (i.e., 117a). Accordingly, Figure 1B shows that the copy component 127 passes the file write 103 to the directory 120 where it is included in its underlying base file 133. In contrast, the copy component 127 writes the archive copy 103a, and the corresponding virus indicator copy 117a, to the log archive 130. Thus, the file can be written to 103, and one or more of the virus indicators 117 attached can be included in the backup processing program (i.e., through the copies 103a, 107a).
即如前述,這意味著該備份伺服器110可因此收到並識別對於所收到或所儲存之資料的任何已知病毒資訊(並且對其執行相對應的動作),而不必要求備份伺服器110進行額外的病毒掃描。即如第1C圖所示,例如,該備份伺服器110收到該日誌檔案130的資料,其中含有最新近的檔案寫入拷貝103a以及相對應的一或更多病毒指示器117a。特別是,該備份伺服器110透過一或更多的管理代理器(即如135)接收並識別該日誌檔案130的資料。一般說來,一管理代理器包含對於任意數量之處理程序所實作的任意數量電腦可執行指令,像是啟動複製處理程序、對所收資料執行動作等等。詳細地說,各個管理代理器135進一步含有(或關聯於)一或更多的額外代理器,像是防毒代理器160。That is, as mentioned above, this means that the backup server 110 can thus receive and identify any known virus information for the received or stored material (and perform corresponding actions on it) without having to request a backup server. 110 for additional virus scanning. That is, as shown in FIG. 1C, for example, the backup server 110 receives the data of the log file 130, which contains the most recent file write copy 103a and the corresponding one or more virus indicators 117a. In particular, the backup server 110 receives and identifies the data of the log file 130 via one or more management agents (i.e., 135). In general, a management agent contains any number of computer-executable instructions that are implemented for any number of handlers, such as starting a copy handler, performing actions on the received data, and the like. In detail, each management agent 135 further contains (or is associated with) one or more additional agents, such as antivirus agent 160.
如此,當收到日誌檔案130時,該管理代理器135可識別出一或更多的病毒指示器117a。該管理代理器135可接著決定應採接取一或更多項動作,並因此進一步諮詢該等一或更多的政策設定140。例如,該等一或更多政策設定140可含有一或更多的指令,藉以拋除一經感染檔案寫入、檢疫隔離一經感染檔案寫入,及/或對該資料的先前拷貝執行類似動作。即如第1C圖所示,例如該管理代理器135自政策設定140識別出一組指令以執行該回應動作147。在此範例裡,該回應動作147包含多項為以「擦去」該底層基本檔案133之複製項的所有拷貝,以及其迭遞更新的指令。詳細地說,政策設定140可告知該管理代理器135在任何時刻收到對於一特定檔案寫入(即如103a)之一病毒指示器(即如117),該底層基本檔案(即如複製項165)即經假定為含有一病毒。As such, when the log file 130 is received, the management agent 135 can identify one or more virus indicators 117a. The management agent 135 can then decide to pick up one or more actions and thus further consult the one or more policy settings 140. For example, the one or more policy settings 140 may contain one or more instructions to discard an infected file write, quarantine quarantine, an infected file write, and/or perform a similar action on a previous copy of the data. That is, as shown in FIG. 1C, for example, the management agent 135 identifies a set of instructions from the policy settings 140 to perform the response action 147. In this example, the response action 147 includes a plurality of instructions for "erasing" all copies of the copy of the underlying base file 133, as well as its superimposed updates. In detail, the policy setting 140 can inform the management agent 135 to receive a virus indicator (ie, 117) for a specific file write (ie, as 103a) at any time, the underlying basic file (ie, as a duplicate item) 165) is assumed to contain a virus.
例如,該備份伺服器110既已儲存(即如透過儲存目錄145)該檔案133的數個先前拷貝(依據不同的備份事件)。特別地,第1C圖顯示該備份伺服器110既已於時間「t0 」儲存該檔案133之一初始複製項165,在時間「t1 」儲存該檔案之一更新170,在時間「t2 」儲存該檔案之一更新175,在時間「t3 」儲存一更新180,以及在時間「t4 」儲存一更新185。如此,在此情況下,該檔案寫入103a會為一在時間「t5 」對複製項165(亦即對於檔案133)的更新。For example, the backup server 110 has stored (i.e., via the storage directory 145) a number of previous copies of the file 133 (depending on different backup events). In particular, FIG. 1C shows that the backup server 110 has stored an initial copy 165 of the file 133 at time "t 0 ", and stores one of the files update 170 at time "t 1 " at time "t 2 "one of the 175 stores update files at a time" t 3 "to save an updated 180, and at the time" t 4 "185 stores an update. So, in this case, the file will be written (ie for file 133) 103a is updated at a time "t 5" to copy the item 165.
因此,在此特定範例裡,並且回應於回應動作147之指令,該管理代理器135透過防毒代理器160將檔案寫入103a擦去(若尚未被擦去或「清除」)。該管理代理器135亦可利用防毒代理器160以擦去該等不同複製項165、170、175、180、185各者。因此,既已如此清除各項拷貝之後,該管理代理器135即發送相對應的指令190,藉此將檔案複製項165、170、175、180及185替換為新的資料195。該資料195又可含有該基本檔案與後隨的更新(亦即「t0 -t5 」),而無經識別出的病毒。Thus, in this particular example, and in response to an instruction in response to action 147, the management agent 135 wipes the file write 103a through the anti-virus agent 160 (if not already erased or "cleared"). The management agent 135 can also utilize the anti-virus agent 160 to erase each of the different duplicate items 165, 170, 175, 180, 185. Thus, after the copies have been cleared as such, the management agent 135 sends the corresponding instructions 190, thereby replacing the file copies 165, 170, 175, 180, and 185 with the new material 195. The data 195 may contain the basic file and subsequent updates (i.e., "t 0 -t 5 ") without the identified virus.
從而,第1A-1C圖提供在一生產伺服器層級處用於病毒識別,將該資訊傳播至一備份伺服器層級,並且在各個該等層級處進行任意數量之相對應動作的多項略圖及元件。除前揭項目外,亦可按照含有一或更多動作序列以完成一特定結果之方法的流程圖來描述本發明實作。例如,第2圖說明自利用一共同/經合併AV/複製過濾器125,進行檔案寫入過濾處理之生產伺服器105與備份伺服器110兩者觀點的流程圖。底下參照於第1A到1C圖之略圖及元件以說明第2圖的動作。Thus, the 1A-1C diagram provides a plurality of thumbnails and elements for virus identification at a production server level, disseminating the information to a backup server hierarchy, and performing any number of corresponding actions at each of the levels. . In addition to the pre-existing items, the practice of the invention may be described in terms of a flowchart of a method that includes one or more sequences of actions to accomplish a particular result. For example, FIG. 2 illustrates a flow chart from the viewpoint of both the production server 105 and the backup server 110 performing file write filtering processing using a common/combined AV/copy filter 125. The operation of Fig. 2 will be described with reference to the drawings and elements of Figs. 1A to 1C.
例如,第2圖顯示一從經由一共同過濾器以管理病毒與備份過濾處理之生產伺服器105觀點的方法,其中可含有一識別一或更多檔案寫入的動作200。該動作200含有透過一共同過濾器以對一或更多的檔案寫入進行識別。例如,即如在第1A及1B圖中所示,該生產伺服器105經由該過濾器管理器115收到檔案寫入103及107(亦即任意數量的I/O系統呼叫)。該過濾器管理器115又將這些寫入傳至該共同AV/複製過濾器125。For example, Figure 2 shows a method from the perspective of a production server 105 that manages virus and backup filtering via a common filter, which may include an action 200 that identifies one or more file writes. The action 200 includes identifying a one or more file writes through a common filter. For example, as shown in Figures 1A and 1B, the production server 105 receives file writes 103 and 107 (i.e., any number of I/O system calls) via the filter manager 115. The filter manager 115 in turn passes these writes to the common AV/copy filter 125.
此外,第2圖顯示此一自該生產伺服器105之觀點的方法可包含一為病毒而掃描該等檔案寫入的動作210。該動作210可牽包含,根據一或更多的病毒定義,在該共同過濾器處對經識別之一或更多檔案寫入進行掃描。即如第1B圖中所示,例如,一共同AV/複製過濾器125收到檔案寫入103及107,並且經由防毒元件123比較相對應的資料與一或更多的防毒定義150。從而,該共同AV/複製過濾器125透過該防毒元件123決定該檔案寫入103含有病毒113。In addition, FIG. 2 shows that the method from the perspective of the production server 105 can include an act 210 of scanning the file writes for a virus. The act 210 can include scanning one or more identified file writes at the common filter based on one or more virus definitions. That is, as shown in FIG. 1B, for example, a common AV/copy filter 125 receives the file writes 103 and 107 and compares the corresponding data with one or more antivirus definitions 150 via the antivirus element 123. Therefore, the common AV/copy filter 125 determines through the antivirus element 123 that the file write 103 contains the virus 113.
第2圖亦顯示該自該生產伺服器105之觀點的方法可包含一將經掃描之檔案與複製政策加以比較的動作220。該動作220包含對在該共同過濾器處經識別之一或更多經掃描檔案寫入與一或更多的複製政策加以比較。例如,第1B圖顯示,在既已由該防毒元件123處置/掃描之後,該共同AV/複製過濾器125亦在複製元件127內收到檔案寫入103及107。然後該複製元件127比較該等檔案寫入103及107與複製政策155,以決定是否應透過備份處理程序對該等檔案寫入進行保護。Figure 2 also shows that the method from the perspective of the production server 105 can include an act 220 of comparing the scanned file to a copy policy. The action 220 includes comparing one or more scanned file writes identified at the common filter with one or more copy policies. For example, FIG. 1B shows that the common AV/copy filter 125 also receives the file writes 103 and 107 in the copy element 127 after being processed/scanned by the antivirus element 123. The copy component 127 then compares the file writes 103 and 107 with the copy policy 155 to determine if the file writes should be protected by the backup handler.
此外,第2圖顯示此一自該生產伺服器105之觀點的方法可包含一將該等檔案寫入發送至一日誌檔案的動作230。該動作230包含將該等一或更多經掃描檔案寫入之至少一者的拷貝發送至一日誌檔案,使得至少一檔案寫入被複製至一備份伺服器。即如第1B圖中所示,例如,該共同AV/複製過濾器125雖收到檔案寫入103及107,然複製過濾器識別出僅將該檔案寫入103排程以進行複製。從而,該複製元件127僅將該檔案寫入103(亦即如拷貝103a)拷貝至日誌檔案130,然將兩者檔案寫入103及107發送至儲存目錄120。In addition, FIG. 2 shows that the method from the perspective of the production server 105 can include an act 230 of writing the files to a log file. The action 230 includes transmitting a copy of at least one of the one or more scanned file writes to a log file such that at least one file write is copied to a backup server. That is, as shown in FIG. 1B, for example, the common AV/copy filter 125 receives the file writes 103 and 107, but the copy filter recognizes that only the file is written to the 103 schedule for copying. Thus, the copy component 127 copies only the file write 103 (i.e., copy 103a) to the log file 130, and then sends the two file writes 103 and 107 to the storage directory 120.
據此,第2圖顯示一自一備份伺服器110之觀點的方法,該伺服器係根據由一在一或更多生產伺服器處之共同過濾器所提供的一或更多病毒指示器來管理經複製資料,該方法可包含一接收資料備份的動作240。該動作240包含自一或更多生產伺服器接收一或更多的資料備份。例如,即如第1C圖所示,該備份伺服器110之管理代理器130自該生產伺服器105收到至少該日誌檔案130的備份資料。Accordingly, Figure 2 shows a method from the perspective of a backup server 110 that is based on one or more virus indicators provided by a common filter at one or more production servers. Managing replicated data, the method can include an act 240 of receiving a backup of the data. The action 240 includes receiving one or more data backups from one or more production servers. For example, as shown in FIG. 1C, the management agent 130 of the backup server 110 receives at least the backup data of the log file 130 from the production server 105.
此外,第2圖顯示該自該備份伺服器110之觀點的方法可包含一動作250,即在所收資料裡識別出一或更多的病毒指示器。該動作250包含在所收一或更多資料備份裡識別出一或更多的病毒指示器,其中該等一或更多病毒指示器識別出該等一或更多資料備份的至少一者係關聯於受感染資料。例如,第1C圖顯示該管理代理器135接收該日誌檔案130的資料,此者含有檔案寫入103a及一或更多的病毒指示器117a。從而,該管理代理器135自該等一或更多病毒指示器117a識別出存在有一病毒,或是一病毒既經移除,然存在於該檔案之一先前版本上。Additionally, FIG. 2 illustrates that the method from the perspective of the backup server 110 can include an action 250 of identifying one or more virus indicators in the received data. The action 250 includes identifying one or more virus indicators in the received one or more data backups, wherein the one or more virus indicators identify at least one of the one or more data backups Associated with infected data. For example, Figure 1C shows that the management agent 135 receives the data for the log file 130, which contains the file write 103a and one or more virus indicators 117a. Thus, the management agent 135 identifies from the one or more virus indicators 117a that a virus is present, or that a virus has been removed, but is present on a previous version of the file.
第2圖亦顯示該自該生產伺服器110之觀點的方法可包含一對於識別出一或更多對於回應動作之政策的動作260。該動作260包含識別對於備份伺服器的一或更多政策,其中該等一或更多政策識別出對應於一或更多病毒指示器之一或更多回應動作。例如,第1C圖顯示該管理代理器135諮詢政策設定140,並且收到指令以實作該回應動作147,這要求該備份伺服器110擦去該檔案133的所有先前或現有拷貝(亦即對於寫入103a的底層檔案)。Figure 2 also shows that the method from the perspective of the production server 110 can include an action 260 for identifying one or more policies for responding to actions. The action 260 includes identifying one or more policies for the backup server, wherein the one or more policies identify one or more response actions corresponding to one or more virus indicators. For example, Figure 1C shows the management agent 135 consulting policy settings 140 and receiving an instruction to implement the response action 147, which requires the backup server 110 to erase all previous or existing copies of the file 133 (i.e., for Write the underlying file of 103a).
此外,第2圖顯示一自該備份伺服器110之觀點的方法,其中包含一執行一對於該等病毒指示器之回應動作的動作270。該動作270包含根據該等一或更多政策,執行該等一或更多回應動作之任一者。例如,第1C圖顯示該管理代理器135(即如透過防毒代理器160)採選該檔案133的各項基線拷貝及更新(亦即對於時間「t0 」-「t5 」),並且移除任何病毒感染。然後,該管理代理器135備製此資料的一潔淨拷貝195,並且發送相對應的指令190,藉以將此資料在儲存目錄145內的的原始拷貝165、170、175、180、185代換為新近、潔淨的資料195。In addition, FIG. 2 shows a method from the perspective of the backup server 110, including an action 270 of performing a response action to the virus indicators. The act 270 includes performing any of the one or more response actions in accordance with the one or more policies. For example, Figure 1C shows that the management agent 135 (i.e., through the anti-virus agent 160) selects the baseline copies and updates of the file 133 (i.e., for the time "t 0 "-"t 5 "), and moves Except for any viral infections. The management agent 135 then prepares a clean copy 195 of the material and sends a corresponding instruction 190 to replace the original copy 165, 170, 175, 180, 185 of the material in the storage directory 145 with New, clean information 195.
從而,第1A-2圖提供多項為以確保能夠在整個備份系統100上有效地傳播經識別之病毒資訊的元件及機制。由於該等及其他特性,故可更有效地減緩與病毒相關之不利複製的威脅。特別是,根據本揭所討論之原理,廣泛的病毒資訊散佈可提供多項額外特性。例如,該生產伺服器105可收到一或更多對於經或既經感染之資料的請求。該生產伺服器105可,像是透過該共同過濾器125,決定該請求與一或更多相關於一或更多病毒指示器之檔案相關聯,並且基於任意數量的生產伺服器政策拒絕或准允該請求。Thus, FIG. 1A-2 provides a number of elements and mechanisms to ensure efficient identification of the identified virus information throughout the backup system 100. Because of these and other characteristics, the threat of adverse replication associated with viruses can be mitigated more effectively. In particular, extensive viral information dissemination provides a number of additional features in accordance with the principles discussed in this disclosure. For example, the production server 105 can receive one or more requests for data that has been or has been infected. The production server 105 can, by means of the common filter 125, determine that the request is associated with one or more files associated with one or more virus indicators and is rejected or quasi based on any number of production server policies. Allow the request.
亦可按一類似方式來處置對於某些備份資料的請求。例如,一使用者或會請求一或更多既經儲存在該備份伺服器110上(亦即既經備份)的檔案。該共同過濾器125(或另一適當代理器)可自一索引識別出該請求牽涉到一或更多先前在一時點處與一或更多病毒指示器相關的檔案。接著,該生產伺服器105可對該使用者提供一警示,或甚依據該等請求而在稍後掃描並移除任何自該備份伺服器110所收到的相對應資料。Requests for certain backup materials can also be handled in a similar manner. For example, a user may request one or more files that are both stored on the backup server 110 (ie, backed up). The common filter 125 (or another suitable agent) can identify from an index that the request involves one or more files previously associated with one or more virus indicators at a point in time. Next, the production server 105 can provide a warning to the user or scan and remove any corresponding data received from the backup server 110 at a later time in accordance with the requests.
類似地,對於備份資料而自該生產伺服器105傳至該備份伺服器110的請求可牽涉到相同的運算方式。亦即,該管理代理器135可自一或更多的請求識別出所請求之資料係與一或更多病毒指示器相關聯,或者是與一或更多的檔案相關聯,而這些檔案又經接附於該等一或更多的病毒指示器。接著,該管理代理器135可依照任意數量的各種政策設定,在送返該資料之前先移除該病毒,拒絕該請求等等。Similarly, a request from the production server 105 to the backup server 110 for backing up data may involve the same computational approach. That is, the management agent 135 can identify from one or more requests that the requested data is associated with one or more virus indicators, or is associated with one or more files, and the files are Attached to one or more of the virus indicators. The management agent 135 can then remove the virus, reject the request, etc. before returning the data in accordance with any number of various policy settings.
本發明之各項目具體實施例可包含一含有各種電腦硬體之特殊目的或一般目的電腦,即如底下按進一步細節所討論者。本發明範圍內的具體實施例亦包含電腦可讀取媒體,以供載荷或具有經儲存於其上之電腦可執行指令或資料結構。此電腦可讀取媒體可為任何能夠由一般目的性或特殊目的性電腦存取的可獲用媒體。Specific embodiments of the various aspects of the invention may include a special purpose or general purpose computer containing various computer hardware, as discussed further below. Particular embodiments within the scope of the invention also include computer readable media for payload or having computer executable instructions or data structures stored thereon. This computer readable medium can be any available media that can be accessed by a general purpose or special purpose computer.
藉由範例,而非限制,此等電腦可讀取媒體包含RAM、ROM、EEPROM、CD-ROM或其他光碟儲存物,磁碟儲存物或其他磁性儲存裝置,或是任何其他可用以按電腦可執行指令或資料結構之形式而載荷或儲存所欲程式碼,並且可由一般目的性或特殊目的性電腦存取,的媒體。當透過一網路或其他通訊連接(硬體接線、無線或是一硬體接線或無線的組合)而將資訊傳送或提供至一電腦時,該電腦可適當地將該連接視如一電腦可讀取媒體。如此,可將任何此類連接適當地稱為一電腦可讀取媒體。上述各者之組合亦應被納入在電腦可讀取媒體的範圍內。By way of example and not limitation, such computer readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage or other magnetic storage device, or any other computer A medium that loads or stores the desired code in the form of an instruction or data structure and that can be accessed by a general purpose or special purpose computer. When transmitting or providing information to a computer through a network or other communication connection (hardwired, wireless or a combination of hardware or wireless), the computer can properly view the connection as if it were a computer Take the media. As such, any such connection can be properly termed a computer readable medium. Combinations of the above should also be included in the scope of computer readable media.
可執行指令包含例如指令及資料,這些能夠令一般目的性電腦、特殊目的性電腦、或特殊目的性處理裝置以執行某一功能或某組功能。雖既已按照特定於結構特性及/或方法動作之語言來描述主題事項,然應了解在後載申請專利範圍中所定義主題事項並非必然地受限於前述各項特定特性或動作。相反地,上述各項特定特性及動作係按如實作該申請專利範圍之範例形式所揭示。Executable instructions include, for example, instructions and materials that enable a general purpose computer, special purpose computer, or special purpose processing device to perform a function or group of functions. Although the subject matter has been described in terms of specific structural features and/or methodological acts, it should be understood that the subject matter defined in the scope of the appended claims is not necessarily limited to the specific features or actions described. Rather, the specific features and acts described above are disclosed as examples of the scope of the application.
可按其他特定形式具體實作本發明,而不致悖離其精神或基本特徵。所述之各項具體實施例在各方面皆應被視為僅具有示範性質,而非限制性質者。因此,本發明範圍是由後載申請專利範圍,而非由前揭說明,所表示。所有歸屬於本申請專利範圍等同項目之意義與範疇中的變化皆應經涵蓋於其範圍內。The present invention may be embodied in other specific forms without departing from the spirit or essential characteristics. The various embodiments described are considered in all respects as illustrative and not restrictive. Accordingly, the scope of the invention is intended to be All changes in the meaning and scope of the items belonging to the scope of the patent application are intended to be included within the scope thereof.
100...備份系統100. . . Backup system
103...檔案寫入103. . . File write
103a...檔案寫入拷貝103a. . . File write copy
105...生產伺服器105. . . Production server
107...檔案寫入107. . . File write
110...備份伺服器110. . . Backup server
113...病毒113. . . virus
115...過濾器管理器115. . . Filter manager
117...病毒指示器117. . . Virus indicator
117a...病毒指示器拷貝117a. . . Virus indicator copy
120...目錄120. . . table of Contents
123...防毒元件123. . . Antivirus element
125...過濾器125. . . filter
127...複製元件127. . . Copy component
130...日誌檔案130. . . Log file
133...檔案133. . . file
135...管理代理器135. . . Management agent
137...檔案137. . . file
140...政策設定140. . . Policy setting
143...回應動作集合143. . . Response action set
145...儲存目錄145. . . Storage directory
147...回應動作147. . . Response action
150...防毒定義150. . . Antivirus definition
155...複製政策155. . . Copy policy
160...防毒代理器160. . . Antivirus agent
165...複製項165. . . Copy item
170...更新170. . . Update
175...更新175. . . Update
180...更新180. . . Update
185...更新185. . . Update
190...指令(替換為)190. . . Instruction (replaced with)
195...新資料195. . . New information
為說明其中可獲致本發明之前述及其他優點與特性的方式,底下將參照於其如後載各圖式所繪之特定具體實施例,以論析一如前所簡述的本發明更特別說明。瞭解這些圖繪說明僅描述本發明之各項典型具體實施例,並因而不應被視為限制其範圍,從而將透過使用隨附圖式,藉由額外的特定性與細節以描述且解釋本發明,其中:第1A圖說明一根據本發明之一實作的概略圖,其中一生產伺服器透過一共同防毒/複製過濾器對檔案寫入進行掃描,並且將該等檔案寫入提供至一備份伺服器;第1B圖說明一根據本發明之一實作,在該生產伺服器處之處理程序的進一步詳細圖式,其中該共同防毒/複製過濾器在將檔案寫入發送至一日誌檔案之前,先對該等所收檔案寫入之一或更多者標註以一或更多的病毒指示器;第1C圖說明一略圖,其中,根據本發明之一實作,該備份伺服器接收含有一或更多病毒指示器的一或更多資料備份,並且對該等執行一或更多的相對應回應動作;以及第2圖根據本發明之一實作,從一生產伺服器及一備份伺服器之觀點,說明一為以在整個備份系統上散播對於檔案寫入之防毒註解的方法流程圖。To illustrate the foregoing and other advantages and features of the present invention, the specific embodiments of the present invention will be described with reference to the accompanying drawings. Description. The illustrations of the present invention are intended to depict only typical embodiments of the present invention and are not to be construed as limiting the scope of the invention. Invention, wherein: FIG. 1A illustrates a schematic diagram of an implementation according to one embodiment of the present invention, wherein a production server scans a file write through a common antivirus/copy filter and provides the file write to one Backup Server; FIG. 1B illustrates a further detailed diagram of a processing procedure at the production server in accordance with one implementation of the present invention, wherein the common antivirus/copy filter sends a file write to a log file Previously, one or more of the received files are first marked with one or more virus indicators; FIG. 1C illustrates a thumbnail diagram in which the backup server receives according to one of the embodiments of the present invention. Backing up one or more data containing one or more virus indicators and performing one or more corresponding response actions to the same; and Figure 2 is implemented in accordance with one of the present invention, from a production server A backup server's point of view, to be described as a backup system for distributing over the entire flow chart for a method of writing file antivirus annotations.
100...備份系統100. . . Backup system
103...檔案寫入103. . . File write
105...生產伺服器105. . . Production server
107...檔案寫入107. . . File write
110...備份伺服器110. . . Backup server
115...過濾器管理器115. . . Filter manager
120...目錄120. . . table of Contents
125...過濾器125. . . filter
130...日誌檔案130. . . Log file
135...管理代理器135. . . Management agent
140...政策設定140. . . Policy setting
143...回應動作集合143. . . Response action set
145...儲存目錄145. . . Storage directory
Claims (16)
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US11/421,996 US7730538B2 (en) | 2006-06-02 | 2006-06-02 | Combining virus checking and replication filtration |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW200817963A TW200817963A (en) | 2008-04-16 |
| TWI434195B true TWI434195B (en) | 2014-04-11 |
Family
ID=38791950
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW096112920A TWI434195B (en) | 2006-06-02 | 2007-04-12 | Method and computer program product for managing virus and backup filtration processes |
Country Status (14)
| Country | Link |
|---|---|
| US (1) | US7730538B2 (en) |
| EP (1) | EP2033099B1 (en) |
| JP (1) | JP5049341B2 (en) |
| KR (1) | KR101153031B1 (en) |
| CN (1) | CN101460933B (en) |
| AU (1) | AU2007257446B2 (en) |
| BR (1) | BRPI0712431A2 (en) |
| CA (1) | CA2652221C (en) |
| MX (1) | MX2008015225A (en) |
| MY (1) | MY149872A (en) |
| RU (1) | RU2434267C2 (en) |
| TW (1) | TWI434195B (en) |
| WO (1) | WO2007142715A1 (en) |
| ZA (1) | ZA200900022B (en) |
Families Citing this family (43)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7437760B2 (en) * | 2002-10-10 | 2008-10-14 | International Business Machines Corporation | Antiviral network system |
| US8533818B1 (en) * | 2006-06-30 | 2013-09-10 | Symantec Corporation | Profiling backup activity |
| US8099785B1 (en) * | 2007-05-03 | 2012-01-17 | Kaspersky Lab, Zao | Method and system for treatment of cure-resistant computer malware |
| US7934262B1 (en) * | 2007-12-26 | 2011-04-26 | Emc (Benelux) B.V., S.A.R.L. | Methods and apparatus for virus detection using journal data |
| US8312469B2 (en) * | 2008-01-08 | 2012-11-13 | International Business Machines Corporation | Implicit interaction of portal application components |
| US8863287B1 (en) * | 2008-06-26 | 2014-10-14 | Emc Corporation | Commonality factoring pattern detection |
| US8812455B1 (en) | 2008-09-30 | 2014-08-19 | Emc Corporation | Efficient data backup |
| US8347388B1 (en) | 2008-09-30 | 2013-01-01 | Emc Corporation | System and method for orchestrating services |
| US8090689B1 (en) | 2008-09-30 | 2012-01-03 | Emc Corporation | Efficient data recovery |
| US8595607B2 (en) | 2009-06-04 | 2013-11-26 | Abbott Diabetes Care Inc. | Method and system for updating a medical device |
| US8347048B2 (en) * | 2009-10-30 | 2013-01-01 | Ca, Inc. | Self learning backup and recovery management system |
| US8640241B2 (en) * | 2009-11-16 | 2014-01-28 | Quatum Corporation | Data identification system |
| JP2013523043A (en) | 2010-03-22 | 2013-06-13 | エルアールディシー システムズ、エルエルシー | How to identify and protect the integrity of a source dataset |
| US8843444B2 (en) | 2010-05-18 | 2014-09-23 | Ca, Inc. | Systems and methods to determine security holes of a backup image |
| US8407795B2 (en) * | 2010-05-18 | 2013-03-26 | Ca, Inc. | Systems and methods to secure backup images from viruses |
| US20120124007A1 (en) * | 2010-11-16 | 2012-05-17 | F-Secure Corporation | Disinfection of a file system |
| US8850261B2 (en) | 2011-06-01 | 2014-09-30 | Microsoft Corporation | Replaying jobs at a secondary location of a service |
| US10585766B2 (en) | 2011-06-06 | 2020-03-10 | Microsoft Technology Licensing, Llc | Automatic configuration of a recovery service |
| US8387141B1 (en) * | 2011-09-27 | 2013-02-26 | Green Head LLC | Smartphone security system |
| KR101337215B1 (en) * | 2011-12-27 | 2013-12-05 | 주식회사 안랩 | Object data backup apparatus and backup server |
| US20130185800A1 (en) * | 2011-12-30 | 2013-07-18 | Perlego Systems, Inc. | Anti-virus protection for mobile devices |
| US20130227352A1 (en) * | 2012-02-24 | 2013-08-29 | Commvault Systems, Inc. | Log monitoring |
| JP5987913B2 (en) * | 2012-09-26 | 2016-09-07 | 富士通株式会社 | Information processing apparatus, information processing method, and information processing program |
| US9378370B2 (en) | 2013-06-17 | 2016-06-28 | Microsoft Technology Licensing, Llc | Scanning files for inappropriate content during synchronization |
| US20140379637A1 (en) * | 2013-06-25 | 2014-12-25 | Microsoft Corporation | Reverse replication to rollback corrupted files |
| US9058488B2 (en) * | 2013-08-14 | 2015-06-16 | Bank Of America Corporation | Malware detection and computer monitoring methods |
| US20150154398A1 (en) * | 2013-12-03 | 2015-06-04 | International Business Machines Corporation | Optimizing virus scanning of files using file fingerprints |
| US20150172304A1 (en) * | 2013-12-16 | 2015-06-18 | Malwarebytes Corporation | Secure backup with anti-malware scan |
| RU2584505C2 (en) * | 2014-04-18 | 2016-05-20 | Закрытое акционерное общество "Лаборатория Касперского" | System and method for filtering files to control applications |
| CN104217165B (en) * | 2014-09-16 | 2016-07-06 | 百度在线网络技术(北京)有限公司 | The processing method of file and device |
| US10284593B1 (en) * | 2015-01-15 | 2019-05-07 | EMC IP Holding Company LLC | Protecting newly restored clients from computer viruses |
| US9934378B1 (en) * | 2015-04-21 | 2018-04-03 | Symantec Corporation | Systems and methods for filtering log files |
| US9990491B2 (en) * | 2016-01-19 | 2018-06-05 | International Business Machines Corporation | Methods and systems for assessing and remediating online servers with minimal impact |
| US10255138B2 (en) * | 2016-08-17 | 2019-04-09 | Bank Of America Corporation | Disaster recovery tool |
| US11275834B1 (en) * | 2017-01-12 | 2022-03-15 | Richard Offer | System for analyzing backups for threats and irregularities |
| US10320818B2 (en) * | 2017-02-14 | 2019-06-11 | Symantec Corporation | Systems and methods for detecting malicious computing events |
| US10990282B1 (en) | 2017-11-28 | 2021-04-27 | Pure Storage, Inc. | Hybrid data tiering with cloud storage |
| US10831888B2 (en) | 2018-01-19 | 2020-11-10 | International Business Machines Corporation | Data recovery enhancement system |
| US11436344B1 (en) | 2018-04-24 | 2022-09-06 | Pure Storage, Inc. | Secure encryption in deduplication cluster |
| US11392553B1 (en) | 2018-04-24 | 2022-07-19 | Pure Storage, Inc. | Remote data management |
| US11100064B2 (en) | 2019-04-30 | 2021-08-24 | Commvault Systems, Inc. | Automated log-based remediation of an information management system |
| US11971989B2 (en) | 2021-02-02 | 2024-04-30 | Predatar Ltd | Computer recovery system |
| US20240045743A1 (en) * | 2022-08-04 | 2024-02-08 | Salesforce, Inc. | Generating a federated application programming interface for heterogenous data sources |
Family Cites Families (39)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5440723A (en) * | 1993-01-19 | 1995-08-08 | International Business Machines Corporation | Automatic immune system for computers and computer networks |
| US5819272A (en) * | 1996-07-12 | 1998-10-06 | Microsoft Corporation | Record tracking in database replication |
| US5995980A (en) * | 1996-07-23 | 1999-11-30 | Olson; Jack E. | System and method for database update replication |
| US5832208A (en) * | 1996-09-05 | 1998-11-03 | Cheyenne Software International Sales Corp. | Anti-virus agent for use with databases and mail servers |
| US5956481A (en) * | 1997-02-06 | 1999-09-21 | Microsoft Corporation | Method and apparatus for protecting data files on a computer from virus infection |
| GB2327781A (en) * | 1997-07-26 | 1999-02-03 | Ibm | Data replication tracking method for a distributed data processing system |
| JPH11134234A (en) * | 1997-08-26 | 1999-05-21 | Reliatec Ltd | Backup list method, its controller and recording medium which records backup restoration program and which computer can read |
| US6405219B2 (en) * | 1999-06-22 | 2002-06-11 | F5 Networks, Inc. | Method and system for automatically updating the version of a set of files stored on content servers |
| US6477583B1 (en) * | 1999-11-15 | 2002-11-05 | Novell, Inc. | Infrastructure for supporting file replications |
| US6973464B1 (en) * | 1999-11-15 | 2005-12-06 | Novell, Inc. | Intelligent replication method |
| US6625623B1 (en) * | 1999-12-16 | 2003-09-23 | Livevault Corporation | Systems and methods for backing up data files |
| US7412462B2 (en) | 2000-02-18 | 2008-08-12 | Burnside Acquisition, Llc | Data repository and method for promoting network storage of data |
| US6748534B1 (en) * | 2000-03-31 | 2004-06-08 | Networks Associates, Inc. | System and method for partitioned distributed scanning of a large dataset for viruses and other malware |
| EP1202148A1 (en) | 2000-10-31 | 2002-05-02 | Hewlett-Packard Company, A Delaware Corporation | Virus check on altered data |
| US7346928B1 (en) * | 2000-12-01 | 2008-03-18 | Network Appliance, Inc. | Decentralized appliance virus scanning |
| KR20010044706A (en) | 2001-03-19 | 2001-06-05 | 이종우 | Method and System for preventing Computer Virus Program |
| US6931552B2 (en) * | 2001-05-02 | 2005-08-16 | James B. Pritchard | Apparatus and method for protecting a computer system against computer viruses and unauthorized access |
| US7065767B2 (en) * | 2001-06-29 | 2006-06-20 | Intel Corporation | Managed hosting server auditing and change tracking |
| JP4733323B2 (en) * | 2001-09-17 | 2011-07-27 | 株式会社アール・アイ | Data batch protection system |
| US20040107199A1 (en) * | 2002-08-22 | 2004-06-03 | Mdt Inc. | Computer application backup method and system |
| US7437760B2 (en) * | 2002-10-10 | 2008-10-14 | International Business Machines Corporation | Antiviral network system |
| JPWO2004075060A1 (en) * | 2003-02-21 | 2006-06-01 | 田部井 光 | Computer virus judgment method |
| US20040193952A1 (en) * | 2003-03-27 | 2004-09-30 | Charumathy Narayanan | Consistency unit replication in application-defined systems |
| US20040199552A1 (en) * | 2003-04-01 | 2004-10-07 | Microsoft Corporation | Transactionally consistent change tracking for databases |
| US7558927B2 (en) * | 2003-05-06 | 2009-07-07 | Aptare, Inc. | System to capture, transmit and persist backup and recovery meta data |
| US20050021524A1 (en) * | 2003-05-14 | 2005-01-27 | Oliver Jack K. | System and method of managing backup media in a computing environment |
| US7257257B2 (en) | 2003-08-19 | 2007-08-14 | Intel Corporation | Method and apparatus for differential, bandwidth-efficient and storage-efficient backups |
| US7392542B2 (en) * | 2003-08-29 | 2008-06-24 | Seagate Technology Llc | Restoration of data corrupted by viruses using pre-infected copy of data |
| US7222143B2 (en) * | 2003-11-24 | 2007-05-22 | Lenovo (Singapore) Pte Ltd. | Safely restoring previously un-backed up data during system restore of a failing system |
| US7475427B2 (en) * | 2003-12-12 | 2009-01-06 | International Business Machines Corporation | Apparatus, methods and computer programs for identifying or managing vulnerabilities within a data processing network |
| US7398399B2 (en) * | 2003-12-12 | 2008-07-08 | International Business Machines Corporation | Apparatus, methods and computer programs for controlling performance of operations within a data processing system or network |
| US7996363B2 (en) * | 2004-05-19 | 2011-08-09 | Oracle International Corporation | Real-time apply mechanism in standby database environments |
| JP2006072684A (en) * | 2004-09-02 | 2006-03-16 | Hitachi Ltd | Storage network system, management server, host and storage device |
| KR100704721B1 (en) | 2004-09-10 | 2007-04-06 | (주) 세이프아이 | method for computer protection with real-time monitoring and thereby computer and thereby system |
| US7478237B2 (en) * | 2004-11-08 | 2009-01-13 | Microsoft Corporation | System and method of allowing user mode applications with access to file data |
| US20060130144A1 (en) * | 2004-12-14 | 2006-06-15 | Delta Insights, Llc | Protecting computing systems from unauthorized programs |
| US20060272012A1 (en) * | 2005-05-31 | 2006-11-30 | Chao-Hung Wu | Multifunction server system |
| US7836500B2 (en) * | 2005-12-16 | 2010-11-16 | Eacceleration Corporation | Computer virus and malware cleaner |
| JP2007219611A (en) * | 2006-02-14 | 2007-08-30 | Hitachi Ltd | Backup device and backup method |
-
2006
- 2006-06-02 US US11/421,996 patent/US7730538B2/en active Active
-
2007
- 2007-03-15 JP JP2009513132A patent/JP5049341B2/en not_active Expired - Fee Related
- 2007-03-15 BR BRPI0712431-7A patent/BRPI0712431A2/en not_active Application Discontinuation
- 2007-03-15 CA CA2652221A patent/CA2652221C/en not_active Expired - Fee Related
- 2007-03-15 MX MX2008015225A patent/MX2008015225A/en active IP Right Grant
- 2007-03-15 RU RU2008147406/08A patent/RU2434267C2/en not_active IP Right Cessation
- 2007-03-15 AU AU2007257446A patent/AU2007257446B2/en not_active Ceased
- 2007-03-15 KR KR1020087029411A patent/KR101153031B1/en active IP Right Grant
- 2007-03-15 ZA ZA200900022A patent/ZA200900022B/en unknown
- 2007-03-15 EP EP07753241.4A patent/EP2033099B1/en not_active Not-in-force
- 2007-03-15 WO PCT/US2007/006598 patent/WO2007142715A1/en active Application Filing
- 2007-03-15 MY MYPI20084555A patent/MY149872A/en unknown
- 2007-03-15 CN CN2007800201812A patent/CN101460933B/en not_active Expired - Fee Related
- 2007-04-12 TW TW096112920A patent/TWI434195B/en not_active IP Right Cessation
Also Published As
| Publication number | Publication date |
|---|---|
| KR101153031B1 (en) | 2012-06-04 |
| MX2008015225A (en) | 2008-12-12 |
| EP2033099B1 (en) | 2017-02-15 |
| CA2652221C (en) | 2014-04-29 |
| CN101460933B (en) | 2012-03-28 |
| WO2007142715A1 (en) | 2007-12-13 |
| TW200817963A (en) | 2008-04-16 |
| MY149872A (en) | 2013-10-31 |
| CA2652221A1 (en) | 2007-12-13 |
| EP2033099A1 (en) | 2009-03-11 |
| RU2434267C2 (en) | 2011-11-20 |
| CN101460933A (en) | 2009-06-17 |
| AU2007257446B2 (en) | 2011-09-22 |
| RU2008147406A (en) | 2010-06-10 |
| JP5049341B2 (en) | 2012-10-17 |
| EP2033099A4 (en) | 2012-12-05 |
| ZA200900022B (en) | 2010-03-31 |
| US7730538B2 (en) | 2010-06-01 |
| KR20090014367A (en) | 2009-02-10 |
| US20070283438A1 (en) | 2007-12-06 |
| AU2007257446A1 (en) | 2007-12-13 |
| JP2009539177A (en) | 2009-11-12 |
| BRPI0712431A2 (en) | 2012-07-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI434195B (en) | Method and computer program product for managing virus and backup filtration processes | |
| US8495037B1 (en) | Efficient isolation of backup versions of data objects affected by malicious software | |
| US7540027B2 (en) | Method/system to speed up antivirus scans using a journal file system | |
| US8484737B1 (en) | Techniques for processing backup data for identifying and handling content | |
| US20120124007A1 (en) | Disinfection of a file system | |
| US9116848B1 (en) | Method of detecting data loss using multiple references to a file in a deduplication backup system | |
| US20080195676A1 (en) | Scanning of backup data for malicious software | |
| US20220131879A1 (en) | Malicious activity detection and remediation in virtualized file servers | |
| US20080016564A1 (en) | Information protection method and system | |
| CN107563199A (en) | It is a kind of that software detection and defence method in real time are extorted based on file request monitoring | |
| US8825606B1 (en) | Community based restore of computer files | |
| Wagner et al. | Carving database storage to detect and trace security breaches | |
| US20130333042A1 (en) | Storage system and storage system management method | |
| US8347388B1 (en) | System and method for orchestrating services | |
| US8667591B1 (en) | Commonality factoring remediation | |
| US20230289443A1 (en) | Malicious activity detection, validation, and remediation in virtualized file servers | |
| US9536085B2 (en) | Data management of potentially malicious content | |
| US7447850B1 (en) | Associating events with the state of a data set | |
| EP4288864A1 (en) | Computer recovery system | |
| Mallery | Secure file deletion: Fact or fiction? | |
| Jantali et al. | Date Spillage Remediation Techniques in Hadoop | |
| WO2007015266A2 (en) | System and method of time based hierarchical storage management | |
| Salman et al. | A Study of Forensic Tools Data Recovery Performance |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MM4A | Annulment or lapse of patent due to non-payment of fees |